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Appl. No. 10/065,802 ^ ^ 

Response to the outstanding 6 month SSP Office Action Dated Dec. 14, 2004 

Remarks for the outstanding office action begin on page 19 of tfiis paper. 

This listing of clainns will replace all prior versions, and listings, of claims in the 
application: 

Lifttinq off Claims: 

1 . (original) A computer-based method for a multiparty electronic serwce, the 
method comprising steps of: 

negotiating a machine interpretaWe service specification between all parlies, 
which would cooperate with a particular application mnning on a host system; 
defining said service specification to: 
identify cooperating parties; 

identify a requestor and format of a service request, said request Is adapted to 
contain Information about an individual; 

conduct conditional processing steps required for said sen/ice request, said 
conditional processing steps Is adapted to use stored data about said individual; 
and 

provide conditional notifications, said notifications is adapted to Include additional 

information about the individual described in the request; 

providing a secure computation environment In said host system; 

uploading said service specification into said secure computation environment, 

enforcing said service specification with regards to all cooperating parties; 

receiving a sen/Ice request from said requestor; 
providing a secure co-processor in said secure computation environment for 
processing said service request, where said secure processing includes: 
detemiining the sen/Ice specification that governs said sen/ice request; 
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validating the actual requestor and the content of the service request against an 
expected requestor and expected contents as defined in the sen^ice 
specification; and 

executing the conditional processing and the notifications as defined in the 
service specification. 

2. (original) The method of claim 1 further comprising the step of allowing at least 
one party of said cooperating parties to cancel said sen/ice specification wherein 
all future service requests that rely on said cancelled sen/ice specification will be 
rejected. 

3. (original) The method of claim 2 wherein said steps of negotiating a machine 
interpretable sen/Ice specification, uploading, enforcing, receiving a service 
request, and canceling said sendee specification comprises the step of 
conducting said previous steps multiple times. 

4. (original) The method of claim 1 further comprising the steps of: 
negotiating multiple machine inteipretabie sen/ice specifications; 
defining said multiple service specifications; 

uploading said multiple sen/ice specifications into said secure computation 

environment; and 

enforxjing said multiple sen/ice specifications with regards to all cooperating 
parties. 

6. (original) The method of claim 4 wherein said secure processing steps further 
comprises the step of having at least one of said secure processing steps being 
executed unconditionally. 

6. (original) The method of claim 1 wherein said secure processing steps further 
comprises the step of having at least one of said secure processing steps use 
data provided in said sendee request and found in said host system to derive 
further information about said individual described in said sen/ice request. 
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7. (Original) The method of claim 6 wherein said at least one of said secure 
processing steps further comprises the step of computing a correlation between 
biometric data provided in said sen^ice request and biometric data looked up in 
said host system. 

8. (original) The method of claim 1 wherein said step of providing conditional 
notifications further comprises the step of providing an empty message. 

9. (original) The method of claim 1 wherein said step of negotiating a machine 
interpretable service specification between all parties further comprises the step 
of providing a contract for governing the negotiated service specification. 

10. (original) The method of claim 1 wherein said secure processing steps further 
comprises the step of notifying said requestor that said service request was 
processed. 

11. (original) The method of claim 1 wherein said step of enforcing said sen/Ice 
specification further comprises the step of uploading at least one database from 
at least one party of said cooperating parties, information contained therein from 
said at least one database is stored in said host system. 

12. (original) The method of claim 4 wherein said step of negotiating multiple 
machine interpretable sen/Ice specifications between any cooperating parties 
further comprises the step of providing a contract for governing each negotiated 
service specification. 

13. (original) The method of claim 1 wherein said step of providing conditional 
notifications further comprises the step of providing a notification that is adapted 
to contain information about said Individual. 

14. (original) The method of claim 13, wherein said step of providing a notification 
that is adapted to contain information about said individual further comprises the 
step of providing said notification to at least one party of said cooperating parties, 
said at least one party of said cooperating parties Is a party other than said 
requestor. 
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15. (original) The method of. claim 14, wherein said step of providing a notification 
to at least one party of said cooperating parties that is adapted to contain 
Infonnation about said individual further comprises the step of providing 
notification to said at least one party of said cooperating parties that Is a party 
other than a provider of said stored data. 

16. (original) The method of claim 1 wherein said step of providing conditional 
notifications further comprises the step of providing a notification to at least one 
party of said cooperating parties that Is adapted to contain no infonnation about 
said individual. 

17. (original) Apparatus for a multiparty electronic sen/Ice, the apparatus 
comprising: 

at least one host computer adapted to have at least one secure co-processor 
operating in a secure computation environment, said at least one host computer 
operative to: negotiate a machine interpretable sewlce specification between all 
parties, which would cooperate with a particular application njnning on said host 
computer; upload said service specification into said secure computation 
environment; enforce said sen/ice specification with regards to all cooperating 
parties; receive a service request from a requeslon execute secure processing of 
said service request; and provide notifications as defined In the service 
specification. 

18. (original) The apparatus of claim 17, wherein said at least one host computer 
is further operative to define said service specification to: 

identify said cooperating parties; 

identify said requestor and the format of said service request, said request Is 

adapted to contain information about an individual; 

conduct conditional processing steps required for said service request, said 

conditional processing steps Is adapted to use stored data about said individual; 

and 
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provide conditional notifications, said conditional notifications is adapted to 
Include additional information about the individual described in the request. 

19. (original) The apparatus of claim 17 wherein said at least one host computer 
is further operative to execute said secure processing to: 

determine the service specification that governs said service request; 
validate said requestor and the content of the service request against an 
expected requestor and expected contents as defined In the sen^ice 

specification; and 

execute conditional processing as defined in the service specification. 

20. (original) The apparatus of claim 17 wherein said at least one host computer 
is further operative to provide said notifications as condllionai notifications that is 
adapted to include additional Information about an individual described in the 
request. 

21 . (original) The apparatus of claim 17 wherein said at least one host computer 
is further operative to provide a contract for governing the negotiated service 
specification. 

22. (original) The apparatus of claim 17 wherein said at least one host computer 
operative to negotiate said machine interpretaWe service specification, upload 
said service specification, enforce said service specification, and receive a 
service request, is further operative to conduct said negotiating, uploading, 
enforcing and receiving functions multiple times. 

23. (original) The apparatus of claim 17 wherein said at least one host computer 
Is further operative to use data provided in said sen/ice request and found in said 
host computer to derive further Information about an individual described in said 
service request. 
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24. (original) The apparatus of claim 23 wlierein said at least one host computer 
is further operative to compute a correlation between blometric data provided in 
said sen/ice request and biometric data looked up In said host computer. 

25. (original) The apparatus of claim 17 wherein said at least one host computer 
is further operative to compute a correlation between blometric data provided In 
said sen/ice request and biometric data looked up in said host computer. 

26. (original) The apparatus of claim 17 wherein said at least one host computer 
operative to provide notifications is further operative to provide an empty 
message. 

27. (original) The apparatus of claim 17 wherein said at least one host computer 
is further operative to upload at least one database from at least one party of said 
cooperating parties, information contained therein from said at least one 
database is adapted to be stored in said host computer. 

28. (original) The apparatus of claim 17 wherein said at least one host computer 
operative to negotiate a machine interpretable sen/toe specification between all 
parties is further operative to: negotiate multiple machine Interpretable sendee 
specifications; define said multiple sewlce speCHIcatlons; upload said multiple 
service specifications Into said secure computation environment; and 
enforce said multiple service specifications with regards to all cooperating 
parties. 

29. (original) The apparatus of claim 17 wherein said at least one host computer 
operative to provide notifications Is further operative to notify said requestor that 
said service request was processed. 
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30. (original) The apparatus of claim 27 wherein said at least one host computer 
operative to provide notifications is further operative to provide conditional 
notifications that is adapted to contain Information about an individual. 

31 . (original) The apparatus of claim 18 wherein said at least one host computer 
Is further operative to provide said conditional notifications to another parly of 
said cooperating parties, said another party of said cooperating parties is a party 
other than said requestor. 

32. (original) The method of claim 31 . wherein said at least one host computer 
operative to provide said conditional notifications to said another party of said 
cooperating parties 

is further operative to provide said conditional notifications to a party other than a 
provider of said stored data. 

33. (original) An Identification apparatus for matching individuals, the apparatus 
comprising: 

at least one host computer adapted to have at least one secure co-processor 
operating in a secure computation environment, said at least one host computer 
operative to: negotiate a machine interpretable contract between all parties, 
which would cooperate with a particular application running on said host 
computer; upload said contract Into said secure computation environment; 
enforce said contract with regards to all cooperating parties; receive a service 
request from a requestor; execute secure processing of said sewice request; and 
provide notifications as defined in the contract. 

34. (original) An article of manufacture for use In a multiparty electronic service, 
comprising a machine readable medium tangibly embodying a program of 
instructions executable by a machine for Implementing a method, the method 
comprising steps of: 
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negotiating a machine interpretable service specification lietween all parties, 
which would cooperate with a particular application running on a host system; 
defining said service specification to: 
identify cooperating parties; 

identify a requestor and fonnat of a service request, said request is adapted to 
contain infonnation about an Individual; 

conduct conditional processing steps required for said seivice request, said 
conditional processing steps is adapted to use stored data about said individual; 
and 

provide conditional notifications, said notifications is adapted to include additional 

infomiatlon about the individual described in the request. 

providing a secure computation environment In said host system; 

uploading said service specification into said secure computation environment; 

enforcing said service specification with regards to all cooperating parties; 

receiving a service request from said requestor; 
providing a secure co-processor In said secure computation environment for 
processing said service request, where said secure processing includes: 
detennlning the service specification that governs said service request; 
validating the actual requestor and the content of the sen/ice request against an 
expected requestor and expected contents as defined In the service 
specification; and 

executing the conditional processing and the notifications as defined In the 
service specification. 

35. (original) A program storage device readable by a machine, tangibly 
embodying a program of Instructions executable by the machine to perform 
methods steps for managing a matching Identification sen/Ice, the method 
comprising the steps of: 

negotiating a machine interpretable sen/Ice specification between all parties, 
which would cooperate with a particular application mnning on a host system; 
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defining said service specification to: 
identify cooperating parties; 

identify a requestor and format of a service request, said request is adapted to 
contain Information atx>ut an individual; 

conduct conditional processing steps required for said service request, said 
conditional processing steps Is adapted to use stored data atwut said individual; 
and 

provide condHlonal nofrfications. said notifications is adapted to include additional 

information about the individual described in the request; 

providing a secure computation environment in said host system; 

uploading said service specification into said secure computation environment; 

enforcing said service specification with regards to all cooperating parties; 

receiving a service request from said requestor; 
providing a secure co-processor in said secure computation environment for 
processing said sendee request, where said secure processing includes: 
determining the senrtce specification that governs said service request; 
validating the actual requestor and the content of the sen^ice request against an 
expected requestor and expected contents as defined in the service 
specification; and 

executing the conditional processing and the notifications as defined In the 
service specification. 

36. (previously presented) A multiparty electronic service method comprising the 
steps of: 

providing at least one host computer adapted to have at least one secure co- 
processor operating in a secure computation environment, 
operating said at least one host computer to negotiate a machine Inlerpretable 
service specification between all parties, which would cooperate with a particular 
application running on said host computer; 

uploading said sen^ice specification into said secure computation environment; 
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enforcing said service specification with regards to all cooperating parties; 

receiving a service request from a requestor; 

executing secure processing of said service request; and 

providing notifications as defined in the sen/ice specification. 

37. (previously presented) An identification method for matching individuals, the 
method comprising the steps of: 

providing at least one host computer adapted to have at least one secure co- 
processor operating in a secure computation environment; 
operating said at least one host computer to negotiate a machine interpretable 
contract between all parties, which would cooperate with a particular application 
running on said host computer; 

uploading said contract Into said secure computation environment; 
enforcing said contract with regards to all cooperating parties; 
receiving a sen/ice request from a requestor; 
executing secure processing of said sen/ice request; and 
providing notifications as defined in the contract. 

38. (previously presented) An article of manufacture for use In a multiparty 
electronic senrtce, comprising a machine readable medium tangibly embodying a 
program of Instructions executable by a machine for implementing a method, the 
method comprising steps of: 

providing at least one host computer adapted to have at least one secure co- 
processor operating in a secure computation environment; 
operating said at least one host computer to negotiate a machine Interpretable 
sen/ice specification between all parties, which would cooperate wrth a particular 
application running on said host computer; 

uploading said sen/ice specification Into said secure computation environment; 
enforcing said service specification with regards to all cooperating parties; 
receiving a sen/ice request from a requestor; 
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executing secure processing of said service request; and 
providing notifications as defined In the service specification. 

39. (previously presented) A program storage device readable by a machine, 
tangibly embodying a program of instructions executable by the machine to 
perform methods steps for managing a matching Identification service, the 
method comprl^ng the steps of: 

providing at least one host computer adapted to have at least one secure co- 
processor operating in a secure computation environment; 
operating said at least one host computer to negotiate a machine interpretable 
service specification between all parties, which would cooperate with a particular 
application running on said host computer; 

uploading said service specification into said secure computation environment; 
enforcing said service specification with regards to all cooperating parties; 
receiving a service request from a requestor; 
executing secure processing of said senrice request; and 
providing notifications as defined In the service specification. 

40. (previously presented) An article of manufacture for use In matching 
individuals, comprising a machine readable medium tangibly embodying a 
program of instructions executable by a machine for implementing a method, the 
method comprising steps of: 

providing at least one host computer adapted to have at least one secure co- 
processor operating in a secure computation environment; 
operating said at least one host computer to negotiate a machine interpretable 
contract between all parties, which would cooperate with a particular application 
running on said host computer; 

uploading said contract into said secure computation environment; 
enforcing said contract with regards to all cooperating parties; 
receiving a service request from a requestor; 
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executing secure processing of said service request; and 
providing notifications as defined in the contract. 

41 . (previously presented) A program storage device readable by a machine, 
tangibly embodying a program of instnjctions executable by the machine to 
perform methods steps for managing a matching identification service, the 
method comprising the steps of: providing at least one host computer adapted to 
have at least one secure co-processor operating in a secure computation 
environment; 

operating said at least one host computer to negotiate a machine interpretable 
contract between all parties, which would cooperate with a particular application 
running on said host computer; 

uploading said contract Into said secure computation environment; 
enforcing said contract with regards to all cooperating parties; 
receiving a service request from a requestor; 
executing secure processing of said senrice request; and 
providing notifications as defined in the contract. 

42. (previously presented) A computer-based method for a multiparty electronic 
sen/ice, the method comprising steps of: 

implementing on a computer system at least one contract for governing a 
service between a senrice provider, a client and at least one other party; 

receiving at said sennce provider a first request from a client; 

sending from said service provider a data request to one of at least one 
other party; 

receiving, at said service provider from said one of at least one other 
party, a data response In a secure computation environment; 

determining. In accordance with said contract, whether a match exists 
t)etween said first request and said data response; 
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rf a match results from said determining step, providing a notification of 
said match to said at least one other party. 

43. (previously presented) The method of claim 42 further comprises the step of 
providing said notification even if there is no match as determined in said 
determining step. 

44. (previously presented) The method of daim 43, wherein said step of 
providing said notification comprises the step of providing a dummy message to 
said at least one other party. 

45. (previously presented) The method of claim 42 further comprises the step of 
notifying said client that said first request was processed. 

46. (previously presented) The method of claim 42 wherein the Implementing the 
at least one contract step comprises the step of assigning a contract ID for any 
contract that governs a sendee between the sewice provider, the client and the al 
least one other party. 

47. (previously presented) The method of claim 42 further comprises the step of 
executing the previous steps in a contract engine within the secure computation 
environment. 

48. (previously presented) The method of claim 47 further comprises the step of 
providing a plurality of contract engines coupled to a communication network. 

49. (previously presented) The method of claim 42 wherein the determining step 
comprises the step of performing the detennlnation In a crypto-coprocessor. 
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50. (previously presented) A computer-based method for a multiparty electronic 
service, the method comprising steps of: 

implementing on a computer system at least one contract for governing a 
sen/ice between a service provider, a client and at least one other party; 

determining, in accordance with said contract, whether a match exists 
between a first request from said client and a data response from one of at least 
one other party; 

if a match results from said determining step, providing a notification of 
said match to said at least one other party. 

51 . (previously presented) The method of claim 50 further comprises the step of 
providing said notification even if there is no match as detemnined in said 
determining step. 

52. (previously presented) The method of claim 51 , wherein said step of 
providing said notification comprises the step of providing a dummy message to 
said at least one other party. 

53. (previously presented) The method of claim 50 further comprises the step of 
notifying said client that said first request was processed, 

54. (previously presented) The method of claim 50 wherein the implementing the 
at least one contract step comprises the step of assigning a contract ID for any 
contract that govems a senrtce between the service provider, the client and the at 
least one other party. 

55. (previously presented) A computer-based method for managing a matching 
identification service, the method comprising the steps of: 

Implementing on a computer system at least one contract having a 
contract ID for governing said matching identification service between a sen/ice 
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provider, a client and at least one other party determining, in accordance with 
said contract ID, whether a match exists between a first request from said client 
and a data response from one of at least one other party; 

if a match results from said determining step, providing a notification of 
said match to said at least one other party. 

56. (previously presented) The method of claim 55 further comprises the step of 
providing said notification even if there is no match as determined in said 
detennining step. 

57. (previously presented) The method of claim 56. wherein said step of 
providing said notification comprises the step of providing a dummy message to 
said at least one other party. 

68. (previously presented) The method of claim 55 further comprises the step of 
notifying said client that said first request was processed. 

59. (previously presented) Apparatus for a multiparty electronic service, the 
apparatus comprising: 

at least one host computer operative to: mainlain and enforce at least one 
contract for governing a senrice between a service provider, a client and at least 
one other parly; and to determine. In accordance with said at least one contract, 
whether a match exists between a first request from said client and a data 
response from one of at least one other party; 

said at least one host computer is further operative to provide a 
notification to said at least one other party if a match results from said 
determination. 
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60. (previously presented) The apparatus of claim 59, wherein said at least one 
host computer is further operative to provide said notification to said at least one 
other party if no match results from said determination. 

61. (previously presented) The apparatus of claim 60. wherein said at least one 
host computer is further operative to provide a dummy message to said at least 
one other party. 

62. (previously presented) The apparatus of claim 59. wherein said at least one 
host computer is further operative to provide a notification to said client that said 
first request was processed. 

63. (previously presented) The apparatus of claim 59. wherein said at least one 
host computer comprises: 

a secure computation environment for processing sensitive data; 

a network handler for sending and receiving messages to and from said 
secure computation environment and a network; and 

a storage handler to process database requests that come from inside 
said secure computation environment and retrieves Information from a secured 
database containing said contracts and private information data. 

64. (previously presented) The apparatus of claim 59, wherein said at least one 
host computer Is further operative to provide a contract ID for any contract that 
governs a sen/ice between the sen/ice provider, the client and the at least one 
other party. 
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65. (previously presented) Apparatus for a matching identification sen/ice, the 
apparatus comprising: 

at least one host computer operative to: maintain and enforce at least one 
contract having a contract ID for governing a sen/Ice twtween a sen/ice provider, 
a client and at least one other party; and to determine, in accordance with said at 
least one contract, whether a match exists Ijetween a first request from said 
client and a data response from one of at least one other party; 

said at least one host computer is further operative to provide a 
notification to said at least one other party if a match results from said 
determination. 

66. (previously presented) The apparatus of claim 65, wherein said at least one 
host computer comprises: 

a secure computation environment for processing sensitive data; 

a network handler for sending and receiving messages to and from said 
secure computation environment and a network; and 

a storage handler to process database requests that come from insWe 
said secure computation environment and retrieves information from a secured 
database containing said contracts and private information data. 

67. (previously presented) The apparatus of claim 66, wherein said secure 
computation environment comprises a contract engine operative to: handle said 
first request, conduct a matching task, and provide a respond senrtng as said 
notification. 

68. (previously presented) The apparatus of claim 65. wherein said at least one 
host computer Is further operative to provide said notification to said at least one 
other party If no match results from said determination. 
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